Wednesday, 4 June 2014

Companies asked by Washington to use online services to spy on customers

Foreign technology services providers such as Google and Apple can become cybersecurity threats to Chinese users, security analysts said, one week after China announced that it will put in place a security review on imported technology equipment.

Other major tech companies, such as Yahoo, Cisco, Microsoft and Facebook, were required by the US National Security Agency to transfer their users' information, according to Wan Tao, founder of Intelligence Defense Friends Laboratory, an independent institution focusing on cybersecurity in China.

Wan said that online services have become a major way for the US to steal information globally.

Ning Jiajun, a senior researcher at the Advisory Committee for State Informatization, said, "Previously, the US asked companies to install wiretapping software on their technological products, but if users found and shut down related functions, its 'plan' would fail," he said.

For instance, information on a Chinese organization can be stolen when it places an order on an international shopping website, he said.

With technologies such as cloud computing and big data getting popular, information can be collected and analyzed immediately, which means the damage can be much greater and more difficult to prevent, analysts said.

"It can be said that those who master online services can get more information in cyberspace," said Du Yuejin, director at the National Engineering Laboratory for Cyber Security Emergency Response Technology.

Last month, China's Internet Media Research Center issued a report saying the NSA makes use of large technology companies for its wiretapping plans, including Prism, which was unmasked by former NSA intelligence leaker Edward Snowden, asking them to collect information on their users and urging them to hand in the data regularly.

The report also said that the NSA has taken iOS and Android, two leading mobile operating systems applied to iPhone and Samsung, as the "gold mine" of data.

The NSA grabbed users' information and stored most of it for analysis by invading database and communication networks of Yahoo and Google, while it has also controlled applications on smartphones with Britain, said the report released at the end of May.

"The US, in fact, could get these users' information or conduct the wiretapping by attacking the network instead of 'cooperating' with the enterprises, but it might take more time and money," said Wan.

The actions of the NSA have put huge pressure on US technology companies, as customers from Paris to Sao Paulo and from Beijing to Berlin worry about their privacy being invaded.

US President Barack Obama held two discussions with CEOs of major US technology companies in the past six months about the NSA snooping, which led to a "reform" of the NSA to focus on protecting US citizens' privacy, but with little improvement on foreign organizations and citizens.

In May, John Chambers, chairman and CEO of Cisco Systems, wrote a letter to Obama urging Washington to stop using the company for surveillance of its customers, according to an Al Jazeera report.

The spying actions of the US have underscored the urgency of formulating common rules for activities in cyberspace

Last month, the United States Attorney-General Eric Holder announced the indictments of five Chinese military personnel on cyber espionage charges, accusing them of hacking into US companies in the nuclear power, metals and solar products industries. This has seriously compromised relations with China and sabotaged the bilateral cybersecurity cooperation that had been put back onto a normal track after overcoming setbacks.

With the indictments, the US has tried to present itself as the largest victim of cyberattacks, when in fact it is the Cold War mentality and troublemaking of the US that have precipitated the instability and insecurity in cyberspace. If the US doesn't change its behavior, all peoples in the world may become victims of Internet insecurity.

In June 2013, Edward Snowden, a former US National Security Bureau contractor, revealed US intelligence agencies were conducting large-scale network spy programs, such as PRISM, Xkeyscore and others, across the world. His disclosures indicated the omnipotence of the US' Internet surveillance and cyberattacks, which range from spying on communication metadata and backbone networks to the monitoring of short message services, instant messaging and video chats; from spying on ordinary people to spying on enterprises, universities, military units and even heads of state, not to mention the revelations about the US' cyber warfare capabilities.

Aside from its cyber command that has been rapidly growing, the US' marine, land and air forces have also set up their own cyber headquarters. Cyber combat capabilities are already regarded as part of the weaponry of the US' fighting forces. A series of US cyber combat programs have been revealed, from Stuxnet to Fslame and X-Plan, all of which indicate that the US has mastered more complicated means and more threatening abilities than other countries in terms of cyberattacks.

The latest indictments against the five Chinese military personnel have also reminded people of a series of previous cyber espionage claims against China by the US. In February 2013, Mandiant, a US cybersecurity firm, released a report accusing China's military of plotting hacker attacks against US enterprises. After that, many in the US, including the president and senior government officials, expressed a tough stance toward China and threatened economic sanctions against it. Some even suggested that US enterprises "hacked" by China should make cyber counterattacks in retaliation. Such groundless accusations of Chinese cyberattacks have drastically tainted the US' domestic political environment toward China and also frozen cybersecurity cooperation between the two countries.

The Chinese government has consistently advocated a new type of major-power relations with the US, and it has refrained from overreacting to Washington's "threatening signals". Even after the Snowden revelations, the Chinese government still adhered to the principles of no-conflict, no-confrontation, mutual respect and mutually beneficial cooperation, and it is actively pushing for cooperation with the US in cybersecurity and working for the establishment of a cybersecurity work panel under the Sino-US Strategic and Economic Dialogue framework.

All the evidence indicates that it is the US that is the world's largest Internet hacker and that the global cyber arms race triggered by the US' actions poses the largest threat to global cybersecurity. The US has so far cited "for the sake of national security" as the only excuse for its pervasive Internet espionage. The US should know that a country cannot put its national security above the interests and national security of other countries and the basic norms of international relations. The double standards the US has embraced in cybersecurity have damaged its credibility and compromised its image as a responsible power.

To enjoy the dividends of the booming Internet sector and communication technologies, cyberspace must be peaceful, safe, open and cooperative. Cyberspace should not be a field for either a cold or hot war, and the latest developments have once again underscored the importance and urgency for formulating common rules for cyber activities.

The US indictments of the Chinese military personnel are not conducive to global efforts to maintain the stability and security of cyberspace. The US, by taking advantage of its technological and military dominance, has established a cyber hegemony. It is hoped the US can lead the global Internet sector to develop in a healthy direction, as it once spearheaded the progress of Internet technologies for human progress.

- Contributed By Tang Lan (China Daily)
The author is deputy director of the Institute of Information and Social Development Studies, China Institutes of Contemporary International Relations.